受影响系统:
Computer Associates ARCserve Backup r12.0 Windows
Computer Associates ARCserve Backup r12.0 SP1 Windows
描述:
BUGTRAQ ID: 35396
CVE(CAN) ID: CVE-2009-1761
CA的ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。
ARCserve Backup消息引擎中的多个模块存在拒绝服务的情况。如果远程攻击者向监听的6503/TCP端口发送恶意的RPC报文的话,就可以触发上述漏洞。以下是相关的接口信息:
[
uuid(dc246bf0-7a7a-11ce-9f88-00805fe43838),
version(1.0)
]
interface mIDA_interface
{
/* opcode: 0x13 */
long (
[in] long arg_1,
[in] short arg_2,
[in][size_is(65536), length_is(65536)] char * arg_3,
[in] long arg_4,
[out] long * arg_5
);
}
[
uuid(dc246bf0-7a7a-11ce-9f88-00805fe43838),
version(1.0)
]
interface mIDA_interface
{
typedef struct struct_9 {
long elem_1;
long elem_2;
char * elem_3;
char * elem_4;
long elem_5;
long elem_6;
long elem_7;
long elem_8;
short elem_9;
short elem_10;
} struct_9 ;
/* opcode: 0x3B, */
long (
[in, out] struct struct_9 * arg_1
);
}
<*来源:Nibin Varghese
链接:http://secunia.com/advisories/35473/
http://www.ivizsecurity.com/security-advisory-iviz-sr-09003.html
http://www.ivizsecurity.com/security-advisory-iviz-sr-09004.html
http://marc.info/?l=bugtraq&m=124516745209867&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
arg_1 = 0x1
arg_4 = 0x1
arg_3 = { a character array of 65536 }
建议:
厂商补丁:
Computer Associates
——————-
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=2095
0 条评论。